Technology news and Jobs 
Information Technology News Firefox 2.0.0.10 patches high-impact security flaws
Information Technology News Firefox 2.0.0.10 patches high-impact security flaws | Firefox 2.0.0.10 patches high-impact security flaws |
|
| by Stephen Withers | |
| Wednesday, 28 November 2007 | |
      
The delivery of the update follows a 'test day' last Friday that was intended to shake out any issues that remained in the release candidate. Firefox 2.0.0.10 restricts the jar: URI scheme to files delivered with a MIME type of application/java-archive or application/x-jar to avoid trusting non-Java content that could be used in cross-site scripting attacks. The flaw had been exploited to steal Gmail contact lists. Another specific issue corrected by the update blocks a way of carrying out cross-site request forgery attack on sites by generating a fake HTTP Referrer header. Also patched are three bugs that had been shown to cause memory corruption in some circumstances and that could potentially be exploited to execute arbitrary code. No other changes were made to the application. The update is being pushed out to Firefox users, or the new version can be downloaded from Mozilla.com. |
Tags
| < Next story in category | Previous story in the category > |
|---|
